From 971f09abe486185247e1faf4e8d1419ba2506b8d Mon Sep 17 00:00:00 2001
From: Luca Casonato <hello@lcas.dev>
Date: Thu, 23 May 2024 00:03:35 +0200
Subject: fix(runtime): use more null proto objects (#23921)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is a primordialization effort to improve resistance against users
tampering with the global `Object` prototype.

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
---
 ext/console/01_console.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'ext/console')

diff --git a/ext/console/01_console.js b/ext/console/01_console.js
index 2b8075668..32d8d653c 100644
--- a/ext/console/01_console.js
+++ b/ext/console/01_console.js
@@ -2930,7 +2930,7 @@ function cssToAnsi(css, prevCss = null) {
   return ansi;
 }
 
-function inspectArgs(args, inspectOptions = {}) {
+function inspectArgs(args, inspectOptions = { __proto__: null }) {
   const ctx = {
     ...getDefaultInspectOptions(),
     colors: inspectOptions.colors ?? !noColorStdout(),
@@ -3124,7 +3124,7 @@ class Console {
     );
   };
 
-  dir = (obj = undefined, options = {}) => {
+  dir = (obj = undefined, options = { __proto__: null }) => {
     this.#printFunc(
       inspectArgs([obj], {
         ...getConsoleInspectOptions(noColorStdout()),
@@ -3232,7 +3232,7 @@ class Console {
       resultData = [...new SafeSetIterator(data)];
     } else if (isMapObject) {
       let idx = 0;
-      resultData = {};
+      resultData = { __proto__: null };
 
       MapPrototypeForEach(data, (v, k) => {
         resultData[idx] = { Key: k, Values: v };
@@ -3390,7 +3390,7 @@ const customInspect = SymbolFor("Deno.customInspect");
 
 function inspect(
   value,
-  inspectOptions = {},
+  inspectOptions = { __proto__: null },
 ) {
   // Default options
   const ctx = {
-- 
cgit v1.2.3